packages/libsemanage
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!72 [sync] PR-70: sync branch patch

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @HuaxinLuGitee 
Signed-off-by: @HuaxinLuGitee
This commit is contained in:
openeuler-ci-bot 2025-04-24 11:41:45 +00:00 committed by Gitee
commit 3ae0f4b58c
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
5 changed files with 695 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

527
backport-libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages.patch Normal file
View File

@ -0,0 +1,527 @@
From 4a8407a2ee9cc3b458eb1f71cc3820bce728a5b7 Mon Sep 17 00:00:00 2001
From: changhan <changhan@xfusion.com>
Date: Fri, 18 Apr 2025 16:07:23 +0800
Subject: [PATCH]
libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages
Reference: https://github.com/SELinuxProject/selinux/commit/d3a5ae39bee42eac520a3d07f252251a2167a323
---
src/compressed_file.c | 4 +-
src/database_file.c | 4 +-
src/database_policydb.c | 4 +-
src/direct_api.c | 98 ++++++++++++++++++++---------------------
src/genhomedircon.c | 2 +-
src/handle.c | 2 +-
src/parse_utils.c | 4 +-
src/semanage_store.c | 6 +--
8 files changed, 60 insertions(+), 64 deletions(-)
diff --git a/src/compressed_file.c b/src/compressed_file.c
index d6a8526..3718ad9 100644
--- a/src/compressed_file.c
+++ b/src/compressed_file.c
@@ -174,13 +174,13 @@ int map_compressed_file(semanage_handle_t *sh, const char *path,
fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd == -1) {
- ERR(sh, "Unable to open %s\n", path);
+ ERR(sh, "Unable to open %s.", path);
return -1;
}
file = fdopen(fd, "r");
if (file == NULL) {
- ERR(sh, "Unable to open %s\n", path);
+ ERR(sh, "Unable to open %s.", path);
close(fd);
return -1;
}
diff --git a/src/database_file.c b/src/database_file.c
index 4737d57..0ee5d39 100644
--- a/src/database_file.c
+++ b/src/database_file.c
@@ -130,8 +130,8 @@ static int dbase_file_flush(semanage_handle_t * handle, dbase_file_t * dbase)
str = fopen(fname, "we");
umask(mask);
if (!str) {
- ERR(handle, "could not open %s for writing: %s",
- fname, strerror(errno));
+ ERR(handle, "could not open %s for writing",
+ fname);
goto err;
}
__fsetlocking(str, FSETLOCKING_BYCALLER);
diff --git a/src/database_policydb.c b/src/database_policydb.c
index 079d573..d1472a2 100644
--- a/src/database_policydb.c
+++ b/src/database_policydb.c
@@ -113,8 +113,8 @@ static int dbase_policydb_cache(semanage_handle_t * handle,
* ENOENT is not fatal - we just create an empty policydb */
fp = fopen(fname, "rbe");
if (fp == NULL && errno != ENOENT) {
- ERR(handle, "could not open %s for reading: %s",
- fname, strerror(errno));
+ ERR(handle, "could not open %s for reading",
+ fname);
goto err;
}
diff --git a/src/direct_api.c b/src/direct_api.c
index 9c35bc0..025b26e 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -313,7 +313,7 @@ int semanage_direct_connect(semanage_handle_t * sh)
/* The file does not exist */
sepol_set_disable_dontaudit(sh->sepolh, 0);
} else {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to access %s.", path);
goto err;
}
@@ -595,7 +595,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int
}
data_read = malloc(max_len * sizeof(*data_read));
if (data_read == NULL) {
- ERR(sh, "Failed to malloc, out of memory.\n");
+ ERR(sh, "Failed to malloc, out of memory.");
return -1;
}
@@ -607,7 +607,7 @@ static int read_from_pipe_to_data(semanage_handle_t *sh, size_t initial_len, int
max_len *= 2;
tmp = realloc(data_read, max_len);
if (tmp == NULL) {
- ERR(sh, "Failed to realloc, out of memory.\n");
+ ERR(sh, "Failed to realloc, out of memory.");
free(data_read);
return -1;
}
@@ -649,93 +649,93 @@ static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data,
retval = pipe2(input_fd, O_CLOEXEC);
if (retval == -1) {
- ERR(sh, "Unable to create pipe for input pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to create pipe for input pipe.");
goto cleanup;
}
retval = pipe2(output_fd, O_CLOEXEC);
if (retval == -1) {
- ERR(sh, "Unable to create pipe for output pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to create pipe for output pipe.");
goto cleanup;
}
retval = pipe2(err_fd, O_CLOEXEC);
if (retval == -1) {
- ERR(sh, "Unable to create pipe for error pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to create pipe for error pipe.");
goto cleanup;
}
pid = fork();
if (pid == -1) {
- ERR(sh, "Unable to fork from parent: %s.", strerror(errno));
+ ERR(sh, "Unable to fork from parent.");
retval = -1;
goto cleanup;
} else if (pid == 0) {
retval = dup2(input_fd[PIPE_READ], STDIN_FILENO);
if (retval == -1) {
- ERR(sh, "Unable to dup2 input pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to dup2 input pipe.");
goto cleanup;
}
retval = dup2(output_fd[PIPE_WRITE], STDOUT_FILENO);
if (retval == -1) {
- ERR(sh, "Unable to dup2 output pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to dup2 output pipe.");
goto cleanup;
}
retval = dup2(err_fd[PIPE_WRITE], STDERR_FILENO);
if (retval == -1) {
- ERR(sh, "Unable to dup2 error pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to dup2 error pipe.");
goto cleanup;
}
retval = close(input_fd[PIPE_WRITE]);
if (retval == -1) {
- ERR(sh, "Unable to close input pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close input pipe.");
goto cleanup;
}
retval = close(output_fd[PIPE_READ]);
if (retval == -1) {
- ERR(sh, "Unable to close output pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close output pipe.");
goto cleanup;
}
retval = close(err_fd[PIPE_READ]);
if (retval == -1) {
- ERR(sh, "Unable to close error pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close error pipe.");
goto cleanup;
}
retval = execl(path, path, NULL);
if (retval == -1) {
- ERR(sh, "Unable to execute %s : %s\n", path, strerror(errno));
+ ERR(sh, "Unable to execute %s.", path);
_exit(EXIT_FAILURE);
}
} else {
retval = close(input_fd[PIPE_READ]);
input_fd[PIPE_READ] = -1;
if (retval == -1) {
- ERR(sh, "Unable to close read end of input pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close read end of input pipe.");
goto cleanup;
}
retval = close(output_fd[PIPE_WRITE]);
output_fd[PIPE_WRITE] = -1;
if (retval == -1) {
- ERR(sh, "Unable to close write end of output pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close write end of output pipe.");
goto cleanup;
}
retval = close(err_fd[PIPE_WRITE]);
err_fd[PIPE_WRITE] = -1;
if (retval == -1) {
- ERR(sh, "Unable to close write end of error pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close write end of error pipe.");
goto cleanup;
}
retval = write(input_fd[PIPE_WRITE], in_data, in_data_len);
if (retval == -1) {
- ERR(sh, "Failed to write data to input pipe: %s\n", strerror(errno));
+ ERR(sh, "Failed to write data to input pipe.");
goto cleanup;
}
retval = close(input_fd[PIPE_WRITE]);
input_fd[PIPE_WRITE] = -1;
if (retval == -1) {
- ERR(sh, "Unable to close write end of input pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close write end of input pipe.");
goto cleanup;
}
@@ -747,7 +747,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data,
retval = close(output_fd[PIPE_READ]);
output_fd[PIPE_READ] = -1;
if (retval == -1) {
- ERR(sh, "Unable to close read end of output pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close read end of output pipe.");
goto cleanup;
}
@@ -759,7 +759,7 @@ static int semanage_pipe_data(semanage_handle_t *sh, char *path, char *in_data,
retval = close(err_fd[PIPE_READ]);
err_fd[PIPE_READ] = -1;
if (retval == -1) {
- ERR(sh, "Unable to close read end of error pipe: %s\n", strerror(errno));
+ ERR(sh, "Unable to close read end of error pipe.");
goto cleanup;
}
@@ -918,7 +918,7 @@ static int semanage_compile_module(semanage_handle_t *sh,
status = map_compressed_file(sh, hll_path, &hll_contents);
if (status < 0) {
- ERR(sh, "Unable to read file %s\n", hll_path);
+ ERR(sh, "Unable to read file %s.", hll_path);
goto cleanup;
}
@@ -928,16 +928,13 @@ static int semanage_compile_module(semanage_handle_t *sh,
if (err_data_len > 0) {
for (start = end = err_data; end < err_data + err_data_len; end++) {
if (*end == '\n') {
- fprintf(stderr, "%s: ", modinfo->name);
- fwrite(start, 1, end - start + 1, stderr);
+ ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start + 1), start);
start = end + 1;
}
}
if (end != start) {
- fprintf(stderr, "%s: ", modinfo->name);
- fwrite(start, 1, end - start, stderr);
- fprintf(stderr, "\n");
+ ERR(sh, "%s: %.*s.", modinfo->name, (int)(end - start), start);
}
}
if (status != 0) {
@@ -951,14 +948,14 @@ static int semanage_compile_module(semanage_handle_t *sh,
status = write_compressed_file(sh, cil_path, cil_data, cil_data_len);
if (status == -1) {
- ERR(sh, "Failed to write %s\n", cil_path);
+ ERR(sh, "Failed to write %s.", cil_path);
goto cleanup;
}
if (sh->conf->remove_hll == 1) {
status = unlink(hll_path);
if (status != 0) {
- ERR(sh, "Error while removing HLL file %s: %s", hll_path, strerror(errno));
+ ERR(sh, "Error while removing HLL file %s.", hll_path);
goto cleanup;
}
@@ -1037,8 +1034,7 @@ static int semanage_compile_hll_modules(semanage_handle_t *sh,
unmap_compressed_file(&contents);
continue;
} else if (errno != ENOENT) {
- ERR(sh, "Unable to access %s: %s\n", cil_path,
- strerror(errno));
+ ERR(sh, "Unable to access %s.", cil_path);
return -1; //an error in the "stat" call
}
}
@@ -1063,7 +1059,7 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc
fd = open(path, O_RDONLY | O_CLOEXEC);
if (fd == -1) {
if (errno != ENOENT) {
- ERR(sh, "Unable to open %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to open %s.", path);
return -1;
}
/* Checksum file not present - force a rebuild. */
@@ -1071,21 +1067,21 @@ static int semanage_compare_checksum(semanage_handle_t *sh, const char *referenc
}
if (fstat(fd, &sb) == -1) {
- ERR(sh, "Unable to stat %s\n", path);
+ ERR(sh, "Unable to stat %s.", path);
retval = -1;
goto out_close;
}
if (sb.st_size != (off_t)CHECKSUM_CONTENT_SIZE) {
/* Incompatible/invalid hash type - just force a rebuild. */
- WARN(sh, "Module checksum invalid - forcing a rebuild\n");
+ WARN(sh, "Module checksum invalid - forcing a rebuild.");
retval = 1;
goto out_close;
}
data = mmap(NULL, CHECKSUM_CONTENT_SIZE, PROT_READ, MAP_PRIVATE, fd, 0);
if (data == MAP_FAILED) {
- ERR(sh, "Unable to mmap %s\n", path);
+ ERR(sh, "Unable to mmap %s.", path);
retval = -1;
goto out_close;
}
@@ -1194,7 +1190,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* The file does not exist */
do_rebuild |= (sepol_get_disable_dontaudit(sh->sepolh) == 1);
} else {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to access %s.", path);
retval = -1;
goto cleanup;
}
@@ -1225,7 +1221,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* The file does not exist */
do_rebuild |= (sepol_get_preserve_tunables(sh->sepolh) == 1);
} else {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to access %s.", path);
retval = -1;
goto cleanup;
}
@@ -1261,7 +1257,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
path = semanage_path(SEMANAGE_TMP, semanage_computed_files[i]);
if (stat(path, &sb) != 0) {
if (errno != ENOENT) {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to access %s.", path);
retval = -1;
goto cleanup;
}
@@ -1285,7 +1281,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
retval = semanage_compile_hll_modules(sh, modinfos, num_modinfos,
modules_checksum);
if (retval < 0) {
- ERR(sh, "Failed to compile hll files into cil files.\n");
+ ERR(sh, "Failed to compile hll files into cil files.");
goto cleanup;
}
@@ -1298,7 +1294,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
retval = semanage_write_modules_checksum(sh, modules_checksum);
if (retval < 0) {
- ERR(sh, "Failed to write module checksum file.\n");
+ ERR(sh, "Failed to write module checksum file.");
goto cleanup;
}
}
@@ -1419,7 +1415,7 @@ static int semanage_direct_commit(semanage_handle_t * sh)
/* The file does not exist */
pseusers->dtable->clear(sh, pseusers->dbase);
} else {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to access %s.", path);
retval = -1;
goto cleanup;
}
@@ -1707,13 +1703,13 @@ static int semanage_direct_install_file(semanage_handle_t * sh,
retval = map_compressed_file(sh, install_filename, &contents);
if (retval < 0) {
- ERR(sh, "Unable to read file %s\n", install_filename);
+ ERR(sh, "Unable to read file %s", install_filename);
goto cleanup;
}
path = strdup(install_filename);
if (path == NULL) {
- ERR(sh, "No memory available for strdup.\n");
+ ERR(sh, "No memory available for strdup.");
retval = -1;
goto cleanup;
}
@@ -1754,12 +1750,12 @@ static int semanage_direct_install_file(semanage_handle_t * sh,
if (module_name == NULL) {
module_name = strdup(filename);
if (module_name == NULL) {
- ERR(sh, "No memory available for module_name.\n");
+ ERR(sh, "No memory available for module_name.");
retval = -1;
goto cleanup;
}
} else if (strcmp(module_name, filename) != 0) {
- fprintf(stderr, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename);
+ ERR(sh, "Warning: SELinux userspace will refer to the module from %s as %s rather than %s\n", install_filename, module_name, filename);
}
retval = semanage_direct_install(sh, contents.data, contents.len,
@@ -1800,7 +1796,7 @@ static int semanage_direct_extract(semanage_handle_t * sh,
}
if (stat(module_path, &sb) != 0) {
- ERR(sh, "Unable to access %s: %s\n", module_path, strerror(errno));
+ ERR(sh, "Unable to access %s.", module_path);
rc = -1;
goto cleanup;
}
@@ -1831,7 +1827,7 @@ static int semanage_direct_extract(semanage_handle_t * sh,
if (extract_cil == 1 && strcmp(_modinfo->lang_ext, "cil") && stat(input_file, &sb) != 0) {
if (errno != ENOENT) {
- ERR(sh, "Unable to access %s: %s\n", input_file, strerror(errno));
+ ERR(sh, "Unable to access %s.", input_file);
rc = -1;
goto cleanup;
}
@@ -1996,7 +1992,7 @@ static int semanage_direct_get_enabled(semanage_handle_t *sh,
if (stat(path, &sb) < 0) {
if (errno != ENOENT) {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to access %s.", path);
status = -1;
goto cleanup;
}
@@ -2329,7 +2325,7 @@ static int semanage_direct_get_module_info(semanage_handle_t *sh,
/* set enabled/disabled status */
if (stat(fn, &sb) < 0) {
if (errno != ENOENT) {
- ERR(sh, "Unable to access %s: %s\n", fn, strerror(errno));
+ ERR(sh, "Unable to access %s.", fn);
status = -1;
goto cleanup;
}
@@ -2758,7 +2754,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
/* validate module info */
ret = semanage_module_info_validate(modinfo);
if (ret != 0) {
- ERR(sh, "%s failed module validation.\n", modinfo->name);
+ ERR(sh, "%s failed module validation.", modinfo->name);
status = -2;
goto cleanup;
}
@@ -2846,7 +2842,7 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
if (stat(path, &sb) == 0) {
ret = unlink(path);
if (ret != 0) {
- ERR(sh, "Error while removing cached CIL file %s: %s", path, strerror(errno));
+ ERR(sh, "Error while removing cached CIL file %s.", path);
status = -3;
goto cleanup;
}
diff --git a/src/genhomedircon.c b/src/genhomedircon.c
index 230015c..9f128d9 100644
--- a/src/genhomedircon.c
+++ b/src/genhomedircon.c
@@ -1105,7 +1105,7 @@ static int get_group_users(genhomedircon_settings_t * s,
goto cleanup;
if (group == NULL) {
- ERR(s->h_semanage, "Can't find group named %s\n", grname);
+ ERR(s->h_semanage, "Can't find group named %s", grname);
goto cleanup;
}
diff --git a/src/handle.c b/src/handle.c
index 710d922..7f99c4e 100644
--- a/src/handle.c
+++ b/src/handle.c
@@ -153,7 +153,7 @@ int semanage_get_hll_compiler_path(semanage_handle_t *sh,
lower_lang_ext = strdup(lang_ext);
if (lower_lang_ext == NULL) {
- ERR(sh, "Could not create copy of lang_ext. Out of memory.\n");
+ ERR(sh, "Could not create copy of lang_ext. Out of memory.");
status = -1;
goto cleanup;
}
diff --git a/src/parse_utils.c b/src/parse_utils.c
index 13837c8..cf7f7df 100644
--- a/src/parse_utils.c
+++ b/src/parse_utils.c
@@ -47,8 +47,8 @@ int parse_open(semanage_handle_t * handle, parse_info_t * info)
info->file_stream = fopen(info->filename, "re");
if (!info->file_stream && (errno != ENOENT)) {
- ERR(handle, "could not open file %s: %s",
- info->filename, strerror(errno));
+ ERR(handle, "could not open file %s.",
+ info->filename);
return STATUS_ERR;
}
if (info->file_stream)
diff --git a/src/semanage_store.c b/src/semanage_store.c
index 69d2f70..8c7bc31 100644
--- a/src/semanage_store.c
+++ b/src/semanage_store.c
@@ -1590,7 +1590,7 @@ static int sefcontext_compile(semanage_handle_t * sh, const char *path) {
if (stat(path, &sb) < 0) {
if (errno != ENOENT) {
- ERR(sh, "Unable to access %s: %s\n", path, strerror(errno));
+ ERR(sh, "Unable to access %s.", path);
return -1;
}
@@ -1777,11 +1777,11 @@ static int semanage_commit_sandbox(semanage_handle_t * sh)
/* sync changes in sandbox to filesystem */
fd = open(sandbox, O_DIRECTORY | O_CLOEXEC);
if (fd == -1) {
- ERR(sh, "Error while opening %s for syncfs(): %d", sandbox, errno);
+ ERR(sh, "Error while opening %s for syncfs().", sandbox);
return -1;
}
if (syncfs(fd) == -1) {
- ERR(sh, "Error while syncing %s to filesystem: %d", sandbox, errno);
+ ERR(sh, "Error while syncing %s to filesystem.", sandbox);
close(fd);
return -1;
}
--
2.33.0

47
backport-libsemanage-handle-shell-allocation-failure.patch Normal file
View File

@ -0,0 +1,47 @@
From 9bde761fcb912fded145a16de767afe8a8a3977f Mon Sep 17 00:00:00 2001
From: changhan <changhan@xfusion.com>
Date: Fri, 18 Apr 2025 11:47:37 +0800
Subject: [PATCH] libsemanage-handle-shell-allocation-failure
Reference:https://github.com/SELinuxProject/selinux/commit/dcd755abdde87abdbb43855b7b1bc28d56a21c51
---
src/genhomedircon.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/genhomedircon.c b/src/genhomedircon.c
index b35d7ba..230015c 100644
--- a/src/genhomedircon.c
+++ b/src/genhomedircon.c
@@ -228,7 +228,7 @@ static semanage_list_t *get_shell_list(void)
free(temp);
semanage_list_destroy(&list);
fclose(shells);
- return default_shell_list();
+ return NULL;
}
}
}
@@ -333,14 +333,18 @@ static semanage_list_t *get_home_dirs(genhomedircon_settings_t * s)
return homedir_list;
shells = get_shell_list();
- assert(shells);
+ if (!shells) {
+ ERR(s->h_semanage, "Allocation failure!");
+ goto fail;
+ }
path = semanage_findval(PATH_ETC_LOGIN_DEFS, "UID_MIN", NULL);
if (path && *path) {
temp = atoi(path);
minuid = temp;
minuid_set = 1;
}
+
free(path);
path = NULL;
--
2.33.0

41
backport-libsemanage-optimize-policy-by-default.patch Normal file
View File

@ -0,0 +1,41 @@
From 22e2743d22ed6159feee1831046872641cd5ad0c Mon Sep 17 00:00:00 2001
From: changhan <changhan@xfusion.com>
Date: Fri, 18 Apr 2025 17:18:02 +0800
Subject: [PATCH] libsemanage-optimize-policy-by-default
Reference:https://github.com/SELinuxProject/selinux/commit/66da657a094a725d5f9d8e2441410afaa44bb7f3
---
man/man5/semanage.conf.5 | 2 +-
src/conf-parse.y | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/man/man5/semanage.conf.5 b/man/man5/semanage.conf.5
index 380b58b..b043fe5 100644
--- a/man/man5/semanage.conf.5
+++ b/man/man5/semanage.conf.5
@@ -124,7 +124,7 @@ In order to compile the original HLL file into CIL, the same HLL file will need
.TP
.B optimize-policy
When set to "true", the kernel policy will be optimized upon rebuilds.
-It can be set to either "true" or "false" and by default it is set to "false".
+It can be set to either "true" or "false" and by default it is set to "true".
.SH "SEE ALSO"
.TP
diff --git a/src/conf-parse.y b/src/conf-parse.y
index 343fbf8..12f94b7 100644
--- a/src/conf-parse.y
+++ b/src/conf-parse.y
@@ -364,7 +364,7 @@ static int semanage_conf_init(semanage_conf_t * conf)
conf->bzip_small = 0;
conf->ignore_module_cache = 0;
conf->remove_hll = 0;
- conf->optimize_policy = 0;
+ conf->optimize_policy = 1;
conf->save_previous = 0;
conf->save_linked = 0;
--
2.33.0

63
backport-libsemanage-simplify-file-deletion.patch Normal file
View File

@ -0,0 +1,63 @@
From 46b6d4593fd0bf3286977a9fe7d48f849524543c Mon Sep 17 00:00:00 2001
From: changhan <changhan@xfusion.com>
Date: Fri, 18 Apr 2025 16:43:48 +0800
Subject: [PATCH] libsemanage-simplify-file-deletion
Reference: https://github.com/SELinuxProject/selinux/commit/d3a5ae39bee42eac520a3d07f252251a2167a323
---
src/direct_api.c | 24 +++++++++---------------
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/src/direct_api.c b/src/direct_api.c
index 025b26e..03fc6ad 100644
--- a/src/direct_api.c
+++ b/src/direct_api.c
@@ -2738,7 +2738,6 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
int status = 0;
int ret = 0;
int type;
- struct stat sb;
char path[PATH_MAX];
mode_t mask = umask(0077);
@@ -2839,13 +2838,11 @@ static int semanage_direct_install_info(semanage_handle_t *sh,
goto cleanup;
}
- if (stat(path, &sb) == 0) {
- ret = unlink(path);
- if (ret != 0) {
- ERR(sh, "Error while removing cached CIL file %s.", path);
- status = -3;
- goto cleanup;
- }
+ ret = unlink(path);
+ if (ret != 0 && errno != ENOENT) {
+ ERR(sh, "Error while removing cached CIL file %s.", path);
+ status = -3;
+ goto cleanup;
}
}
@@ -2942,13 +2939,10 @@ static int semanage_direct_remove_key(semanage_handle_t *sh,
goto cleanup;
}
- struct stat sb;
- if (stat(path, &sb) == 0) {
- ret = unlink(path);
- if (ret != 0) {
- status = -1;
- goto cleanup;
- }
+ ret = unlink(path);
+ if (ret != 0 && errno != ENOENT) {
+ status = -1;
+ goto cleanup;
}
}
else {
--
2.33.0

18
libsemanage.spec
View File

@ -3,7 +3,7 @@
Name: libsemanage
Version: 3.5
Release: 2
Release: 6
License: LGPLv2+
Summary: SELinux binary policy manipulation library
URL: https://github.com/SELinuxProject/selinux/wiki
@ -21,6 +21,10 @@ Patch6007: backport-libsemanage-check-for-path-formatting-failures.patch
Patch6008: backport-libsemanage-set-O_CLOEXEC-flag-for-file-descriptors.patch
Patch6009: backport-libsemanage-check-closing-written-files.patch
Patch6010: backport-libsemanage-handle-cil_set_handle_unknown-failure.patch
Patch6011: backport-libsemanage-handle-shell-allocation-failure.patch
Patch6012: backport-libsemanage-drop-duplicate-newlines-and-error-descriptions-in-error-messages.patch
Patch6013: backport-libsemanage-simplify-file-deletion.patch
Patch6014: backport-libsemanage-optimize-policy-by-default.patch
Patch9000: fix-test-failure-with-secilc.patch
@ -116,6 +120,18 @@ make test
%changelog
* Sun Apr 20 2025 changhan <changhan@xfusion.com> - 3.5-6
- backport libsemanage: optimize policy by default
* Sat Apr 19 2025 changhan <changhan@xfusion.com> - 3.5-5
- backport libsemanage: simplify file deletion
* Fri Apr 18 2025 changhan <changhan@xfusion.com> - 3.5-4
- backport libsemanage: drop duplicate newlines and error descriptions in error messages
* Fri Apr 18 2025 changhan <changhan@xfusion.com> - 3.5-3
- backport libsemanage: handle shell allocation failure
* Mon Mar 17 2025 hugel<gengqihu2@h-partners.com> - 3.5-2
- backport patches from upstream